bin/124724: netstat coredump on -stable
Jaakko Heinonen
jh at saunalahti.fi
Mon Jun 23 19:00:12 UTC 2008
The following reply was made to PR bin/124724; it has been noted by GNATS.
From: Jaakko Heinonen <jh at saunalahti.fi>
To: Garrett Cooper <yanefbsd at gmail.com>
Cc: bug-followup at FreeBSD.org, heliar at at.nsu.ru
Subject: Re: bin/124724: netstat coredump on -stable
Date: Mon, 23 Jun 2008 21:58:56 +0300
Hi,
On 2008-06-19, Garrett Cooper wrote:
> > Same thing occurs on -CURRENT (backtrace):
> >
> > (gdb) bt
> > #0 0x280960ff in kvm_nlist () from /lib/libkvm.so.4
> > #1 0x2809b25e in memstat_kvm_malloc () from /usr/lib/libmemstat.so.2
> > #2 0x2809a0fa in memstat_kvm_all () from /usr/lib/libmemstat.so.2
> > #3 0x08050aa8 in mbpr (kvmd=0x0, mbaddr=0) at mbuf.c:103
> > #4 0x080500eb in main (argc=1, argv=0xbfbfec40) at main.c:510
>
> After doing some reading it appears that netstat is passing in an
> invalid value to memstat_kvm_all, which subsequently calls
> memstat_kvm_malloc for mbuf.c (kvmd = NULL). Calling malloc with NULL
> for a pointer address of course is invalid coding.
This happens when memf == NULL and nlistf != NULL (main.c). This
situation (where memf == NULL and nlistf != NULL) doesn't make sense
because kvm_openfiles(3) doesn't make use of the nlistf value if memf is
NULL (kvm_openfiles() call at line 674 in r179949). If both mentioned
variables are NULL, a live mode which copes with NULL values is enabled.
The bug is also reproducible with the following command line:
$ netstat -m -N foo
Segmentation fault: 11
Below is a fix that makes it exit with an error message if memf ==
NULL and nlistf != NULL.
After applying the fix:
$ netstat -m foo
netstat: no core file specified
--
Jaakko
Index: usr.bin/netstat/main.c
===================================================================
--- usr.bin/netstat/main.c (revision 179949)
+++ usr.bin/netstat/main.c (working copy)
@@ -492,7 +492,12 @@ main(int argc, char *argv[])
* Discard setgid privileges if not the running kernel so that bad
* guys can't print interesting stuff from kernel memory.
*/
- live = (nlistf == NULL && memf == NULL);
+ if (memf == NULL) {
+ if (nlistf != NULL)
+ errx(1, "no core file specified");
+ live = 1;
+ }
+
if (!live)
setgid(getgid());
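Review bot: the replacement block only assigns `live` inside the `if (memf == NULL)` branch; when memf is non-NULL, `live` keeps whatever value it held before this point, so the hunk now depends on `live` being zero-initialized or never set earlier in main(), which the removed line `live = (nlistf == NULL && memf == NULL);` did not. Assigning it unconditionally keeps that property and is shorter: `if (memf == NULL && nlistf != NULL) errx(1, "no core file specified"); live = (memf == NULL);`. Calling errx() before the `if (!live) setgid(getgid());` that follows is fine, since errx() exits before any user-named file is opened.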
More information about the freebsd-bugs mailing list
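The mode selection the message above describes, as an added example that is not netstat's own code: it models the nlistf/memf decision and the setgid drop around the patched hunk in plain C, with the kvm_openfiles(3) and libmemstat calls left out so it builds without libkvm. The -M/-N options and the positional [system [core]] form are assumed from netstat(1); under that assumption the two command lines from the message (`netstat -m -N foo` and `netstat -m foo`) both end up with nlistf set and memf NULL, the combination the patch rejects. The sample command lines in main() are constructed.

```c
#include <err.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/*
 * Added example, not netstat's own code: models the nlistf/memf handling
 * around the patched hunk. kvm_openfiles(3)/libmemstat are left out.
 * -M/-N and the positional [system [core]] form are assumed from netstat(1).
 */

enum mode {
	MODE_LIVE,	/* no files: sysctl path, setgid kmem kept */
	MODE_CORE,	/* core file given: kvm path, privileges dropped */
	MODE_INVALID	/* symbol file without core: the PR's crash case */
};

struct opts {
	const char *nlistf;	/* -N system, or first positional argument */
	const char *memf;	/* -M core, or second positional argument */
	int mflag;		/* -m: mbuf statistics (mbpr) */
};

/* Parse [-m] [-M core] [-N system] [system [core]]; 0 on success, -1 on error. */
static int
parse_args(int argc, char *const argv[], struct opts *o)
{
	int i;

	memset(o, 0, sizeof(*o));
	for (i = 1; i < argc && argv[i][0] == '-'; i++) {
		if (strcmp(argv[i], "-m") == 0)
			o->mflag = 1;
		else if (strcmp(argv[i], "-M") == 0 && i + 1 < argc)
			o->memf = argv[++i];
		else if (strcmp(argv[i], "-N") == 0 && i + 1 < argc)
			o->nlistf = argv[++i];
		else
			return (-1);
	}
	if (i < argc)
		o->nlistf = argv[i++];	/* "netstat -m foo": foo is the system file */
	if (i < argc)
		o->memf = argv[i++];
	return (i == argc ? 0 : -1);
}

/*
 * The decision the patch hardens. Before the fix, nlistf set with memf NULL
 * made live false while kvmd stayed NULL, and mbpr() passed that NULL on to
 * memstat_kvm_all(); the fix rejects the combination up front.
 */
static enum mode
select_mode(const struct opts *o)
{
	if (o->memf == NULL)
		return (o->nlistf == NULL ? MODE_LIVE : MODE_INVALID);
	return (MODE_CORE);
}

/*
 * Mirrors "if (!live) setgid(getgid());": a user-named file is never read
 * with the setgid kmem group still in effect. Returns 1 if dropped, 0 if
 * live mode keeps the privileges.
 */
static int
drop_privs_unless_live(enum mode m)
{
	if (m == MODE_LIVE)
		return (0);
	if (setgid(getgid()) != 0)
		err(1, "setgid");
	return (1);
}

/* Whole decision for one command line; returns the mode that was chosen. */
static enum mode
decide(int argc, char *const argv[])
{
	struct opts o;
	enum mode m;

	if (parse_args(argc, argv, &o) != 0)
		return (MODE_INVALID);
	m = select_mode(&o);
	if (m == MODE_INVALID)
		warnx("no core file specified");	/* the patch's errx() message */
	else
		drop_privs_unless_live(m);
	return (m);
}

int
main(void)
{
	/* Constructed command lines: the two from the message plus a valid core case. */
	char *crash1[] = { "netstat", "-m", "-N", "foo" };
	char *crash2[] = { "netstat", "-m", "foo" };
	char *core[] = { "netstat", "-m", "-M", "vmcore.0", "-N", "kernel.debug" };
	static const char *names[] = { "live", "core", "invalid" };

	printf("netstat -m -N foo -> %s\n", names[decide(4, crash1)]);
	printf("netstat -m foo -> %s\n", names[decide(3, crash2)]);
	printf("netstat -m -M vmcore.0 -N kernel.debug -> %s\n",
	    names[decide(6, core)]);
	return (0);
}
```

Running it with no arguments prints the mode chosen for each constructed command line; the two crash cases from the PR come out as invalid and produce the "no core file specified" warning, while only the live case keeps the setgid group.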